Johan Caluwe

3 exploits Active since Mar 2017
CVE-2016-9130 WRITEUP MEDIUM WRITEUP
Revive Adserver < 3.2.3 - Authenticated Stored Cross-Site Scripting in Campaign-Zone.php
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name wasn't properly escaped when displayed in the campaign-zone.php script.
CVSS 5.4
CVE-2016-9454 WRITEUP MEDIUM WRITEUP
Revive Adserver < 3.2.3 - Authenticated Stored Cross-Site Scripting via Banner Image URL
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages.
CVSS 5.4
CVE-2024-26289 WRITEUP CRITICAL WRITEUP
PMB 7.3.1-7.3.17 - Remote Code Execution via Untrusted Data Deserialization
Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before 7.5.6-2, from 7.4.1 before 7.4.9, from 7.3.1 before 7.3.18.
CVSS 9.8